back to article Syrian Electronic Army in news site 'hack' POP-UP MAYHEM

The Syrian Electronic Army has compromised a number of news websites – apparently through DNS redirects via Gigya, a customer identity management platform used by all the sites. The Pro-Assad javascript popup appeared across several websites, including The Telegraph, The Independent, Forbes, Time Out, PC World and The Evening …

  1. Woodgie

    Yep, my wife called me to alert me to all the fun she was having on the Forbes website.

  2. Anonymous Coward
    Anonymous Coward

    AdBlock

    Was there anyway - I hate crap ads.

    1. Anonymous Coward
      Anonymous Coward

      Re: AdBlock

      Is installed, isn't helping, still $^"^"%^% happening.

      "some time" indeed. What 30 years ?

  3. Google

    Adblocks are more than an eliminator of annoying ads, they're a security measure. It's not a rare occurrence for ad networks to serve up malware.

    Imagine if they decided their network of Syrian fighters could use some extra funds and targeted flash instead for your banking credentials to be send right back the first time you login to your banking site.

    1. Blitterbug
      Happy

      Adblocks......they're a security measure...

      Do it in the HOSTS file, it's cleaner, more foolproof and you don't need bloaty BHOs installed on every browser you use.

      1. Wzrd1

        Re: Adblocks......they're a security measure...

        "Do it in the HOSTS file, it's cleaner, more foolproof and you don't need bloaty BHOs installed on every browser you use."

        Been doing that myself after getting malware warnings from my antivirus/firewall. If it's alerting on malvertisment now, one shudders to consider zero day attacks that AV/FW may not notice.

  4. Bloakey1

    Gigiya the Culprit

    Yup. US National hockey league, The Standard, OK Magazine, Parts of the Telegraph,Ferrari, Forbes PC World, Dell, Microsoft, etc. etc.

    It appears that they launched an attack through Gigya using DNS redirects, so independent.co.uk redirected to http://i.imgur.com/qD53RZY.png which is a FSA page that displays their logo.

    Pulling up other pages on the site such as cricket, sport etc. did not show the same behaviour and things were as normal. So all in all no brilliant skilled attack using zero day exploits or spear phishing just the normal basic redirection to their site.

    Apparently they are supporters of a charming chap called Bastard al Assad, a medical chap and not the kind of man to inflict unspeakable carnage and horror on his people. A pink and fluffy chap and the kind of man you would like to have a few pints with down the local boozer.

    1. Anonymous Coward
      Anonymous Coward

      Re: Gigiya the Culprit

      Yes, just to clarify this is the guy inflicting unspeakable carnage on the country, not to be confused with the guys fighting him who're also inflicting unspeakable carnage on the country, as well as the country next door, with guns and money the west sent them last year. They also have an active internet promotional effort, which involves beheading western charity workers on video, though all things considered I'd prefer they too just stuck to javascript popups on the Indy.

      1. AbelSoul
        Trollface

        Re: Yes, just to clarify...

        Clear as mud

    2. veti Silver badge

      Re: Gigiya the Culprit

      To be clear, Gigya is a company whose marketing pitch is "We'll help you stalk people who visit your website".

      If only we had a complete list of everyone affected by this hack, we'd have a great list of websites to avoid in future. Not because they're insecure, just because they're scum.

      1. Wzrd1

        Re: Gigiya the Culprit

        "If only we had a complete list of everyone affected by this hack, we'd have a great list of websites to avoid in future. Not because they're insecure, just because they're scum."

        My company had part of its internet presence interrupted by this, according to our security teams.

        My only remark was, *never* deal with anyone who uses GoDaddy.

  5. Anonymous Coward
    Anonymous Coward

    Morons

    Whoopy do, they got a silly pop-up onto a few news sites for an hour or so. What a blow for the regime! They can go and boast about it to their mates now, if their mums will let them out.

    1. Mark 85 Silver badge

      Re: Morons

      Since there's no basements over there (kinda' hard to put one in sand), I'm sure they're going out the window so mum doesn't know.

  6. Alistair Dabbs

    Al Jazeera Hackathon

    http://canvas.aljazeera.com

    I think we already have a winner.

    1. Wzrd1

      Re: Al Jazeera Hackathon

      As I personally know quite a few of the Am Jazeera team, I'll take their word for it, rather than your innuendo.

      From the site:

      "Canvas is a platform for experimentation, and it is being kicked off with an inaugural hackathon. We’re creating a space to explore and invent solutions to challenges that advance humanity while also pushing forward media and open source technologies. At the hackathon, you can collaborate with some of the most innovative minds in media and journalism to imagine the future of news and information. What will you create with a blank canvas? We are taking applications for designers, developers, media experts, and people with a passion for social innovation to join us for the inaugural Canvas hackathon on November 29th – December 1st, 2014."

  7. Anonymous Coward
    Anonymous Coward

    I work at a major telecoms company today and we were all notified to switch off our computers and unplug ethernet cables if we got that message.

    You'd think that a telecoms company would understand when something isn't an actual threat.

    1. Anonymous Coward
      Anonymous Coward

      How do you know you wont be client-sided, your files encrypted, demanding bitcoins to fund their revolution?

      1. Not That Andrew

        You mean for Assad's Swiss bank account, Shirley?

    2. Known_Unknown
  8. @Cloudmark

    Websites are only as secure as their weakest components

    The Syrian Electronic Army is claiming to have hacked a number of sites, but evidence points to an advertising network at the heart of the attacks. This attack combines two weak points in the Internet's infrastructure, ad networks and DNS – and highlights how both were not built with security in mind.

    A website is only as secure as the weakest component on that website. If you display adverts from a third party advertising network, your visitors are vulnerable to any security holes on that advertising network. We saw how problematic this can be recently when visitors to AOL, Match.com and Yahoo! clicked on a malicious advert and were then infected with the Cryptowall ransomware. The DNS system, one of the fundamental building blocks of the Internet, dates back to the days when everyone on the network trusted everyone else. Security in the DNS system has come as an afterthought and therefore, taking control of someone else's DNS account does not require any great technical expertise. It can be as simple as tricking the registrar into assigning the account to someone else.

    The Syrian Electronic Army are experts at social engineering and spear phishing. Most registrars would think twice before changing ownership of the domain name of a major newspaper to another owner - though it did happen to Craigslist recently - but they probably won't pay the same attention to the domain name of a startup ad network.

    Securing the internet’s infrastructure has been a continuous discussion within the technology industry, and threats like this bring the conversation back into the spotlight. Large parts of the Internet's infrastructure need to rebuilt from the ground up to be more secure. DNS is one of those parts. The controls on transfer of domain ownership need to be tighter, requiring at minimum dual factor authentication, with the option of certificate or key based authentication for mission critical domain names. However, the DNS protocol itself is also subject to abuse. It can easily be used for DDoS amplification attacks such as the one on Spamhaus, and also lends itself to other abuses such as data exfiltration and botnet C&C. It can represent a single point of failure for critical systems, and as such, must be considered a key security concern for any enterprise.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020